#2540 Issue closed: Various *_ROOT_PASSWORD values must not appear in the log file
Labels: fixed / solved / done, critical / security / legal
jsmeix opened issue at 2020-12-11 08:58:
- ReaR version ("/usr/sbin/rear -V"):
current master code
- Description of the issue (ideally so that others can reproduce it):
see https://github.com/rear/rear/pull/2539#discussion_r540783195
and https://github.com/rear/rear/issues/2155
The value of SSH_ROOT_PASSWORD but also
ZYPPER_ROOT_PASSWORD and YUM_ROOT_PASSWORD
values must not appear in the log file
in particular not in debugscript mode with set -x.
jsmeix commented at 2020-12-11 13:33:
The enhancement is that with things like
{ test "$SSH_ROOT_PASSWORD" ; } 2>/dev/null || SSH_ROOT_PASSWORD=''
it is possible to have no SSH_ROOT_PASSWORD in etc/rear/local.conf
but specify it only when needed as exported environment variable like
# HISTIGNORE='*SSH_ROOT_PASSWORD*'
# export SSH_ROOT_PASSWORD='qqqq'
# usr/sbin/rear -D mkrescue
to set that password in the recovery system
without a trace about its value in the log
or in a ReaR config file or in the bash history.
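An added example, not part of the original thread and not ReaR code: it runs snippets under `bash -x` with a constructed password in the environment and checks whether the value shows up in the xtrace output, which is what a debugscript-mode log would record. The names `SAMPLE_SECRET`, `xtrace_of`, `leaks` and the three snippet variables are assumptions made for this example; the third snippet goes one step beyond the comment above to show that every command expanding the value needs the same guard.

```shell
#!/usr/bin/env bash
# Constructed sample value standing in for a real password.
SAMPLE_SECRET='constructed-sample-pw'

# Constructed snippets, as they could appear in a script run with 'set -x'.
# 1) Plain test: xtrace prints the expanded value.
UNGUARDED='test "$SSH_ROOT_PASSWORD" || SSH_ROOT_PASSWORD=""'
# 2) The form quoted in the comment above: stderr of the group is discarded,
#    so the xtrace line for 'test' never reaches the log.
GUARDED='{ test "$SSH_ROOT_PASSWORD" ; } 2>/dev/null || SSH_ROOT_PASSWORD=""'
# 3) Guarded test followed by an unguarded command that expands the value.
PARTIAL="$GUARDED"'; : "$SSH_ROOT_PASSWORD"'

# Hypothetical helper: run a snippet under 'bash -x' with the secret exported
# and return only stderr, which is where xtrace output goes by default.
xtrace_of() {
    SSH_ROOT_PASSWORD="$SAMPLE_SECRET" bash -x -c "$1" 2>&1 >/dev/null
}

# Hypothetical helper: succeed (0) if the secret appears in the trace.
leaks() {
    case "$(xtrace_of "$1")" in
        *"$SAMPLE_SECRET"*) return 0 ;;
        *) return 1 ;;
    esac
}

for snippet in "$UNGUARDED" "$GUARDED" "$PARTIAL"; do
    if leaks "$snippet"; then
        echo "LEAK : $snippet"
    else
        echo "clean: $snippet"
    fi
done
```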
github-actions commented at 2021-02-10 01:58:
Stale issue message
jsmeix commented at 2023-05-12 12:25:
This one will now finally get fixed via https://github.com/rear/rear/pull/2986
jsmeix commented at 2023-05-15 06:47:
With https://github.com/rear/rear/pull/2986 merged
this issue became finally fixed.
[Export of Github issue for rear/rear.]